WHAT IS CLAIMED IS: 



1 . A method for organizing virtual local area networks, the method 
5 comprising the steps of: 

identifying at least one virtual local area network on a network; 
organizing the identified virtual local area network into a multicast domain 
on the network; 

designating an organized virtual area network as a multicast virtual local 
1 0 area network of the multicast domain for receiving a multicast message; 

assigning an associated station to the multicast domain; 
intercepting an Internet Group Management Protocol report targeted for 
the associated station to identify membership of an IP multicast group; 

receiving an IP multicast message for the IP multicast group; 
15 forwarding the IP multicast message to an access point on the multicast 

virtual local area network; and 

transmitting the IP multicast message to the associated station on the 
multicast domain. 

20 2. The method set forth in claim 1 further comprising the step of selecting at 

least one of a plurality of virtual local area networks to receive the multicast message. 

3. The method set forth in claim 1 further comprising the step of establishing 
a multicast key for signing the IP multicast message transmitted on the network. 

25 

4. The method set forth in claim 3 further comprising the step of establishing 
a multicast key identification element corresponding to the multicast key for assisting a 
recipient of the IP multicast message to select the multicast key to decrypt the received IP 
multicast message. 
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5. The method set forth in claim 4 further comprising the step of adding the 
multicast key identification element to a header of the IP multicast message prior to the 
step of transmitting. 

6. The method set forth in claim 1 wherein the step of identifying further 
includes programming a switch on the network to configure the at least one virtual local 
area networks. 

7. The method set forth in claim 1 wherein the step of designating one of the 
at least one virtual local area networks further includes arbitrarily designating one of the 
at least one virtual local area networks as the multicast virtual local area network for the 
multicast domain on the access point. 

8. The method set forth in claim 7 further comprising the step of establishing 
a broadcast key for signing a broadcast message transmitted on the network. 

9. The method set forth in claim 8 further comprising the step of establishing 
a broadcast key identification element corresponding to the broadcast key for assisting a 
recipient of the broadcast message to select the broadcast key to decrypt the broadcast 
message. 

1 0. The method set forth in claim 9 further comprising the step of adding the 
broadcast key and the broadcast key identification element to a header of the broadcast 
message. 

1 1 . The method set forth in claim 10 further comprising the step of 
transmitting the broadcast message encrypted with the broadcast key to prevent 
decryption by stations in a different broadcast domain. 
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12. The method set forth in claim 1 further comprising the step of encrypting 
the EP multicast message prior to transmission. 



5 13. The method set forth in claim 12 further comprising the steps of: 

receiving the IP multicast message on the multicast domain; and 
decrypting the received IP multicast message. 

14. The method set forth in claim 1 further comprising the step of determining 
10 if the IP multicast message is targeted for the multicast domain. 

15. The method set forth in claim 14 further comprising the step of discarding 
the IP multicast message if the IP multicast stream is not targeted for the multicast 
domain. 

15 

16. The method set forth in claim 1 wherein the network is an 802.1 1 network. 

17. A system for targeting multicast transmission on a network, the system 
comprising: 

20 means for identifying at least one virtual local area network on the 

network; 

means for grouping the identified virtual local area networks into a 
multicast domain on the network; 

means for designating one of the identified virtual local area networks as a 
25 multicast virtual local area network for receiving the multicast transmission; 

means for assigning an associated station to the multicast domain; 
means for identifying membership of the. multicast transmission; and 
means for transmitting the multicast transmission to the identified 
members on the multicast virtual local area network. 
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18. The system set forth in claim 17 further comprising means for forwarding 
the multicast transmission to an access point on the multicast virtual local area network. 

5 19. The system set forth in claim 18 further comprising means for generating a 

multicast key for signing the multicast transmission transmitted via the network. 

20. The system set forth in claim 19 further comprising means for generating a 
multicast key identification element for identifying the multicast key. 

10 

21 . The system set forth in claim 20 further comprising means for combining 
the multicast key identification element to the multicast message to form a multicast 
packet. 

15 22. A method for delivering multiple keys, the method comprising: 

identifying a station associated to at least one domain; 
delivering a first encryption key to the station corresponding to a first 

domain; 

delivering a second encryption key to the station corresponding to a 
20 second domain; 

embedding a key identifier in a header of a message to identify a selected 
one of the first and second encryption keys; 

encrypting the message with the selected one of the first and second 
encryption keys; 

25 delivering the message and the header; and 

selecting a decryption key corresponding to the key identifier. 

23. The method set forth in claim 22 further comprising the step of embedding 
a second key identifier into a second header of a second message to identify a second 
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selected one of the first and second encryption keys. 



24. The method set forth in claim 23 further comprising the steps of: 
encrypting the second message with the second selected one of the first 

5 and second encryption keys; and 

delivering the second message and second header. 

25. The method set forth in claim 24 further comprising the step of selecting 
the second decryption key corresponding to the second key identifier. 

10 

26. The method set forth in claim 22 wherein the first domain is a multicast 
domain. 

27. The method set forth in claim 22 wherein the first domain is a broadcast 
15 domain. 

28. The method set forth in claim 26 wherein the second domain is a multicast 
domain. 

20 29. The method set forth in claim 26 wherein the second domain is a broadcast 

domain. 

30. The method set forth in claim 22 wherein the domain is an Internet 
Protocol (IP) multicast domain including a plurality of stations and a plurality of subnets 

25 configured to receive a common message. 

3 1 . The method set forth in claim 30 wherein the common message is a 
common multicast message. 
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